
# Remove the old tenant information (ensure all VMs are removed first).
# NOTE(review): scrub presumably deletes the project's leftover nova data; it
# is destructive, so confirm the tenant name before running this.
sudo nova-manage project scrub MyTenant

# Install the identity service (keystone).
# -y answers "yes" to apt's prompts so the install runs unattended.
sudo apt-get install -y keystone

# Initialize the database.
# Runs as the keystone account rather than root.
# NOTE(review): presumably so anything db_sync creates is owned by the
# service user - confirm against the package defaults.
sudo -u keystone keystone-manage db_sync

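# Set up the keystone credentials.
# The file stores a password and the keystone service token in clear text, so
# the directory and the file are made accessible to the owner only.
# The values are the sample ones used throughout this script (mypassword,
# SERVICE_TOKEN=ADMIN). Choose real secrets before using this on anything but
# a disposable test machine, and keep them in sync with the commands below.
mkdir -p ~/credentials
chmod 700 ~/credentials
(
  # A restrictive umask gives a newly created file mode 0600 from the start,
  # so there is no window in which it is readable by other users.
  umask 077
  cat > ~/credentials/openrc <<'EOF'
export OS_USERNAME=myuser
export OS_PASSWORD=mypassword
export OS_TENANT_NAME=MyTenant
export OS_AUTH_URL=http://127.0.0.1:5000/v2.0/
export OS_REGION_NAME=RegionOne
export SERVICE_TOKEN=ADMIN
export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0
EOF
)
# umask does not change an existing file, so also tighten one left over from
# an earlier run.
chmod 600 ~/credentials/openrc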

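# Update the environment with the new credentials.
# Load them into this shell straight from the openrc file. Sourcing ~/.bashrc
# from a script is unreliable because many distribution .bashrc files return
# early in non-interactive shells, before any appended lines are reached.
source ~/credentials/openrc

# Make future interactive shells load the same file. Referencing the file
# instead of copying its contents keeps the secrets in a single file and
# avoids stacking duplicate export lines in ~/.bashrc on every re-run.
if ! grep -qF 'credentials/openrc' ~/.bashrc 2>/dev/null; then
  printf '%s\n' \
    'if [ -r ~/credentials/openrc ]; then . ~/credentials/openrc; fi' \
    >> ~/.bashrc
fi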

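# Print the value of the "id" row of a keystone CLI result table read from
# stdin. The row is matched by its property name rather than by a fixed line
# number, so the extraction does not depend on how many rows the client
# prints or in which order.
keystone_id() {
  awk -F'|' '$2 ~ /^ *id *$/ { gsub(/ /, "", $3); print $3 }'
}

# Create a new tenant.
# Each captured ID is checked right away: if the keystone call failed, the
# variable is empty and the later commands would run with missing arguments.
TENANT_ID=$(keystone tenant-create --name MyTenant | keystone_id)
: "${TENANT_ID:?keystone tenant-create returned no id}"

# Create a new user.
# NOTE: --pass places the password on the command line, where it is visible
# in the process list while the command runs and may end up in shell history.
# Treat "mypassword" as a sample value and change it after setup.
USER_ID=$(keystone user-create --tenant_id "$TENANT_ID" --name myuser --pass mypassword | keystone_id)
: "${USER_ID:?keystone user-create returned no id}"

# Create new roles. Only the admin role's ID is kept for later use.
ROLE_ID=$(keystone role-create --name admin | keystone_id)
: "${ROLE_ID:?keystone role-create returned no id}"
keystone role-create --name member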

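# List the new tenants, users and roles
keystone tenant-list
keystone user-list
keystone role-list

# Grant the role to the user.
# ROLE_ID holds the admin role, so this makes myuser an administrator of
# MyTenant. The same account is later written into the nova and glance
# configuration as their service user.
# The IDs are quoted and checked: an empty, unquoted one would vanish from
# the command line and shift the remaining arguments.
keystone user-role-add \
  --user "${USER_ID:?USER_ID is empty; user creation failed}" \
  --tenant_id "${TENANT_ID:?TENANT_ID is empty; tenant creation failed}" \
  --role "${ROLE_ID:?ROLE_ID is empty; role creation failed}"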

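# Populate the services in the service catalog.

# Register one service and print its ID.
# Arguments: $1 - service name, $2 - service type, $3 - description
# The ID is taken from the "id" row of the result table, matched by name
# rather than by line number.
create_service() {
  keystone service-create --name="$1" --type="$2" --description="$3" |
    awk -F'|' '$2 ~ /^ *id *$/ { gsub(/ /, "", $3); print $3 }'
}

# Each ID is checked as soon as it is captured, so a failed registration
# stops the script instead of producing endpoints with an empty service_id.
KEYSTONE_SVC_ID=$(create_service keystone identity "Keystone Identity Service")
: "${KEYSTONE_SVC_ID:?service-create for keystone returned no id}"
NOVA_SVC_ID=$(create_service nova compute "Nova Compute Service")
: "${NOVA_SVC_ID:?service-create for nova returned no id}"
VOLUME_SVC_ID=$(create_service volume volume "Nova Volume Service")
: "${VOLUME_SVC_ID:?service-create for volume returned no id}"
GLANCE_SVC_ID=$(create_service glance image "Glance Image Service")
: "${GLANCE_SVC_ID:?service-create for glance returned no id}"
EC2_SVC_ID=$(create_service ec2 ec2 "EC2 Compatibility Layer")
: "${EC2_SVC_ID:?service-create for ec2 returned no id}"

# Verify the new services
keystone service-list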

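# Populate the endpoints in the service catalog.
# Every URL is plain HTTP on 127.0.0.1, which suits a single-host setup only.
# If these are changed to a routable address, put the APIs behind TLS first:
# tokens and passwords travel in these requests.
# The service IDs are quoted and checked so an empty one cannot silently
# register an endpoint that belongs to no service.
keystone endpoint-create --region RegionOne \
  --service_id="${KEYSTONE_SVC_ID:?KEYSTONE_SVC_ID is empty}" \
  --publicurl=http://127.0.0.1:5000/v2.0 \
  --internalurl=http://127.0.0.1:5000/v2.0 \
  --adminurl=http://127.0.0.1:35357/v2.0
# The %(tenant_id)s placeholders are single-quoted so the shell passes them
# through literally.
keystone endpoint-create --region RegionOne \
  --service_id="${NOVA_SVC_ID:?NOVA_SVC_ID is empty}" \
  --publicurl='http://127.0.0.1:8774/v2/%(tenant_id)s' \
  --internalurl='http://127.0.0.1:8774/v2/%(tenant_id)s' \
  --adminurl='http://127.0.0.1:8774/v2/%(tenant_id)s'
keystone endpoint-create --region RegionOne \
  --service_id="${VOLUME_SVC_ID:?VOLUME_SVC_ID is empty}" \
  --publicurl='http://127.0.0.1:8776/v1/%(tenant_id)s' \
  --internalurl='http://127.0.0.1:8776/v1/%(tenant_id)s' \
  --adminurl='http://127.0.0.1:8776/v1/%(tenant_id)s'
keystone endpoint-create --region RegionOne \
  --service_id="${GLANCE_SVC_ID:?GLANCE_SVC_ID is empty}" \
  --publicurl=http://127.0.0.1:9292/v1 \
  --internalurl=http://127.0.0.1:9292/v1 \
  --adminurl=http://127.0.0.1:9292/v1
keystone endpoint-create --region RegionOne \
  --service_id="${EC2_SVC_ID:?EC2_SVC_ID is empty}" \
  --publicurl='http://127.0.0.1:8773/services/Cloud' \
  --internalurl='http://127.0.0.1:8773/services/Cloud' \
  --adminurl='http://127.0.0.1:8773/services/Admin'

# Verify the new endpoints
keystone endpoint-list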

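# Verify identity service is functioning by requesting a token.
# The JSON body is fed on stdin (-d @-) rather than as an argument, so the
# password does not appear in curl's entry in the process list. curl strips
# the trailing newline when -d reads from a file, so the request body is the
# same single line of JSON.
# The pretty-printed reply contains a usable token; treat captured terminal
# output or logs of this step as sensitive.
curl -d @- -H "Content-type: application/json" http://127.0.0.1:35357/v2.0/tokens <<'EOF' | python -m json.tool
{"auth": {"tenantName": "MyTenant", "passwordCredentials": {"username": "myuser", "password": "mypassword"}}}
EOF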

# Configure nova to use keystone.
# Fill the three %SERVICE_*% placeholders in api-paste.ini with the tenant,
# user and password created above, in a single pass over the file.
# NOTE(review): api-paste.ini holds the password in clear text after this
# step; confirm the file is not world-readable.
sudo sed -i \
  -e 's/admin_tenant_name = %SERVICE_TENANT_NAME%/admin_tenant_name = MyTenant/g' \
  -e 's/admin_user = %SERVICE_USER%/admin_user = myuser/g' \
  -e 's/admin_password = %SERVICE_PASSWORD%/admin_password = mypassword/g' \
  /etc/nova/api-paste.ini

# Switch nova.conf from the deprecated auth flag to the keystone strategy.
sudo sed -i \
  -e 's/--use_deprecated_auth/--auth_strategy=keystone/g' \
  /etc/nova/nova.conf

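# Configure the glance-api service to use keystone.
# The first three expressions fill the %SERVICE_*% placeholders; the last one
# inserts the authtoken and auth-context filters into the request pipeline.
# NOTE(review): glance-api-paste.ini holds the password in clear text after
# this step; confirm the file is not world-readable.
sudo sed -i \
  -e 's/admin_tenant_name = %SERVICE_TENANT_NAME%/admin_tenant_name = MyTenant/g' \
  -e 's/admin_user = %SERVICE_USER%/admin_user = myuser/g' \
  -e 's/admin_password = %SERVICE_PASSWORD%/admin_password = mypassword/g' \
  -e 's/pipeline = versionnegotiation context apiv1app/pipeline = versionnegotiation authtoken auth-context apiv1app/g' \
  /etc/glance/glance-api-paste.ini

# Select the keystone paste flavor. The section is appended only when no
# "flavor = keystone" line exists yet, so running the script again does not
# stack duplicate [paste_deploy] sections at the end of the file.
if ! sudo grep -qE '^[[:space:]]*flavor[[:space:]]*=[[:space:]]*keystone' /etc/glance/glance-api.conf; then
  sudo tee -a /etc/glance/glance-api.conf <<'EOF'
[paste_deploy]
flavor = keystone
EOF
fi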

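# Configure the glance-registry service to use keystone.
# The first three expressions fill the %SERVICE_*% placeholders; the last one
# inserts the authtoken and auth-context filters into the request pipeline.
# NOTE(review): glance-registry-paste.ini holds the password in clear text
# after this step; confirm the file is not world-readable.
sudo sed -i \
  -e 's/admin_tenant_name = %SERVICE_TENANT_NAME%/admin_tenant_name = MyTenant/g' \
  -e 's/admin_user = %SERVICE_USER%/admin_user = myuser/g' \
  -e 's/admin_password = %SERVICE_PASSWORD%/admin_password = mypassword/g' \
  -e 's/pipeline = context registryapp/pipeline = authtoken auth-context context registryapp/g' \
  /etc/glance/glance-registry-paste.ini

# Select the keystone paste flavor. The section is appended only when no
# "flavor = keystone" line exists yet, so running the script again does not
# stack duplicate [paste_deploy] sections at the end of the file.
if ! sudo grep -qE '^[[:space:]]*flavor[[:space:]]*=[[:space:]]*keystone' /etc/glance/glance-registry.conf; then
  sudo tee -a /etc/glance/glance-registry.conf <<'EOF'
[paste_deploy]
flavor = keystone
EOF
fi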

# Restart all services so they pick up the new configuration.
# The order matches the original list: nova first, then glance, keystone last.
# A failed restart does not stop the loop; the remaining services are still
# restarted.
for svc in \
  nova-network \
  nova-compute \
  nova-scheduler \
  nova-api \
  nova-consoleauth \
  nova-cert \
  glance-api \
  glance-registry \
  keystone; do
  sudo service "$svc" restart
done
